3 matches found
org.apache.dubbo:dubbo-spring-boot-actuator (=3.1.5), org.apache.dubbo:dubbo-spring-boot-actuator-compatible (=3.1.5) +5 more potentially affected by CVE-2023-46279 via org.apache.dubbo:dubbo (=3.1.5)
org.apache.dubbo:dubbo MAVEN version =3.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.dubbo:dubbo and may be impacted: - org.apache.dubbo:dubbo-spring-boot-actuator =3.1.5 - org.apache.dubbo:dubbo-spring-boot-actuator-compatible =3.1.5...
CVE-2023-46279 Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue...
CVE-2023-46279
CVE-2023-46279 describes a Deserialization of Untrusted Data vulnerability in Apache Dubbo , affecting only version 3.1.5 . Multiple sources (NVD entry and Red Hat/CNVDOSV mirrors) confirm the issue stems from unsafe deserialization and leads to a high-impact compromise if exploited. The NVD metr...